• Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Solved Can't remove files found with Adwcleaner

Status
Not open for further replies.
#21
Malnutrition said:
That is a sort of a canned speech that I post to most people I help. Your machine did not have many startups, but it did have an excess of scheduled task which could have been reduced. It is just not good to have a bunch of programs running with your machine. The idea is just to get people to reduce that without me having to specify for each person that I help. :)
Click to expand...

Yep, i hear ya. That's why as a rule i do try to check using that CCleaner via the start up button to make sure everything's disabled. (obviously not the cleaner, now that you suggested it be set to start up). Not sure if there's any other way of seeing what is running in the background, because everything is set to 'NO' (apart from cleaner) in that start up list.
 
#22
Just to be on safe side, do you have a link to the ADWcleaner, so i know that the one i had wasn't from a site that's not legit, please? Edited to add: I got mine from Toolslib.
 
#23
ONY said:
Not sure if there's any other way of seeing what is running in the background, because everything is set to 'NO' (apart from cleaner) in that start up list.
Click to expand...


You should be good on startups, but you have a few scheduled task...


Task: {0C800385-CD05-4F3C-91F8-F8714D902856} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {0CB46949-A6C9-44DC-9B86-B5E9C812F9B3} - System32\Tasks\Opera scheduled Autoupdate 1446941295 => C:\Program Files (x86)\Opera\launcher.exe [2016-11-21] (Opera Software)
Task: {29787115-9B98-4A04-A2A1-98DC83AA6D6E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {332FE905-8211-4EDA-A518-84D5654FDB5F} - System32\Tasks\{4275DC9F-8821-4EA2-B491-E34DA2322090} => pcalua.exe -a E:\autorun.exe -d E:\ -c /S
Task: {3B6389CD-BC34-4796-AB16-04F57B736A31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {4058C680-5C08-486A-B739-708F26D80A97} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {51AEDA00-C97F-41E1-A611-A75CB4BF93AD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation)
Task: {556C3738-CA3D-4A2E-A261-4567F8AFFA7A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {58EBE241-1100-4420-AD98-B5EC2AF15895} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-13] (Google Inc.)
Task: {5E066C49-C81F-43BF-887E-562B05FCCAE2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-31] (Dropbox, Inc.)
Task: {626189F3-B4D1-4FC6-A4FE-C287EAB280C4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4037697432-19161552-2693402626-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {76D9810C-2919-4010-95B8-EBCC5E8AD787} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-13] (Google Inc.)
Task: {7CF154E4-E9A2-4D1B-8919-61444F00AE97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {94B187FD-EBB9-4895-A7AF-147E0780158A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4037697432-19161552-2693402626-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {BB786937-6027-4A95-A50B-0DEA113190D8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-31] (Dropbox, Inc.)
Task: {C5B4884D-5083-4BC6-84EC-F078DE4C76A4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {CBF681EF-D882-40F2-8086-39EA152C0562} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {D3ACFF49-9F3D-4D57-A765-0450B0C52526} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D912CC0F-0251-4D89-9DD5-3FC7F18FBC59} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {F9D8DE98-2B77-4A88-B9C8-1998A62B170C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {FCFAB25D-AE3E-43DF-A9C1-9402BD19DC81} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4037697432-19161552-2693402626-1001Core1d143f2e5c093c2.job => C:\Users\ONY\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
#30
ZHP Cleaner log results and attaching screenshot. Will now do the other Security check one:

~ ZHPCleaner v2016.11.27.205 by Nicolas Coolman (2016/11/27)
~ Run by ONY (Administrator) (28/11/2016 16:07:58)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\ONY\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\ONY\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1, 64-bit (Build 9600)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (1)
REPLACED Google Chrome Preferences: "https://api.ciuvo.com/" =>PUP.Optional.PriceSparrow


---\\ Hosts file (1)
~ The hosts file is legitimate (21)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (38)
MOVED file: C:\Users\ONY\AppData\Roaming\Mozilla\Firefox\Profiles\a08wt622.default-1472855301786\Extensions\clipconverter@clipconverter.cc.xpi =>.Superfluous.MindSpark
MOVED file: C:\Windows\Installer\wix{89AFB053-A343-46EF-97E4-D593AD7184E6}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{C4123106-B685-48E6-B9BD-E4F911841EB4}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashRpt =>.Superfluous.CrashReports
MOVED folder: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\CrashRpt =>.Superfluous.CrashReports
MOVED folder: C:\WINDOWS\Installer\MSI113D.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI195C.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI1EB4.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI1FDE.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI216B.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI2303.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI2C33.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI3869.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI45E7.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI4A92.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI4C31.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI4E4C.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI526C.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI57A3.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI5C60.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI5F6E.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI64F3.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI6765.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI68B6.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI69FF.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI6CCF.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI6FCE.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI727E.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI7483.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI77DF.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI787.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI7B3D.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI959D.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI9AAF.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI9BD9.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIA5BF.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIA93A.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIB1A7.tmp- =>.Superfluous.Empty


---\\ Registry ( Key, Value, Data) (5)
DELETED key*: HKEY_USERS\S-1-5-21-4037697432-19161552-2693402626-1001\SOFTWARE\bitlord.com [] =>PUP.Optional.WhenUSave
DELETED key*: HKEY_USERS\S-1-5-21-4037697432-19161552-2693402626-1001\SOFTWARE\Classes\Magnet [BitLord magnet URI] =>PUP.Optional.WhenUSave
DELETED key: HKCU\Software\bitlord.com [] =>PUP.Optional.WhenUSave
DELETED key*: [X64] HKLM\SOFTWARE\Classes\BitLord [BitLord] =>PUP.Optional.WhenUSave
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect


---\\ Summary of the elements found (6)
https://www.nicolascoolman.com/fr/pup-pricesparrow/ =>PUP.Optional.PriceSparrow
https://www.anti-malware.top/2016/05/29/superfluous-mindspark/ =>.Superfluous.MindSpark
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.Empty
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.CrashReports
https://www.nicolascoolman.com/fr/adware-whenusave/ =>PUP.Optional.WhenUSave
https://www.anti-malware.top/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect


---\\ Other deletions. (11)
~ Registry Keys Tracing deleted (11)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)


---\\ Statistics
~ Items scanned : 3278
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 44


~ End of clean in 00h00mn09s
~====================
ZHPCleaner-[R]-28112016-16_08_07.txt
ZHPCleaner--28112016-16_07_30.txt
Mmnln

 
#32
SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 28.11.2016 16:16:54
Path starting: C:\Users\ONY\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: ONY
VersionXML: 3.54is-25.11.2016
___________________________________________________________________________

Windows 8.1(6.3.9600) (x64) Core Lang: English(0809)
Installation date OS: 05.08.2014 12:59:21
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [909.7 Gb] Used: [364 Gb] Free: [545.7 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18525
User Account Control enabled
Automatically download and schedule installation
Date install updates: 2016-11-09 11:29:52
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x86 v.15.0.4454.1510
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
Bitdefender Antivirus Free Edition (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Bitdefender Antivirus Free Edition (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Bitdefender Antivirus Free Edition v.1.0.21.1109
-------------------------- [ SecurityUtilities ] --------------------------
SUPERAntiSpyware v.6.0.1212
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
VLC media player v.2.1.5 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.18 v.7.18.103 Warning! Download Update
^Optional update.^
---------------------------- [ ProxyAndVPNs ] -----------------------------
Hotspot Shield 5.1.7 v.5.1.7 Warning! This app can show ads.
Hotspot Shield Service (hshld) - The service has stopped
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
iTunes v.12.1.2.27 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 23 NPAPI v.23.0.0.207
Adobe Flash Player 23 PPAPI v.23.0.0.207
Adobe Shockwave Player 12.0 v.12.0.3.133 Warning! Download Update
Adobe Acrobat Reader DC v.15.020.20042
------------------------------- [ Browser ] -------------------------------
Google Chrome v.54.0.2840.99
Mozilla Firefox 50.0 (x86 en-GB) v.50.0
Opera Stable 41.0.2353.69 v.41.0.2353.69
Safari v.5.34.54.16 Warning! This software is no longer supported.
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.54.0.2840.99
------------------ [ AntivirusFirewallProcessServices ] -------------------
Bitdefender Antivirus Free Edition (gzserv) - The service is running
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe v.1.0.21.1106
SAS Core Service (!SASCORE) - The service is running
C:\Program Files\SUPERAntiSpyware\SASCore64.exe v.6.0.0.1080
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
WildTangent Games v.1.0.4.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Update Installer for WildTangent Games App << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
WildTangent Games App (HP Games) v.4.0.10.15 << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------
 
#34
Well i downloaded and ran the 'Patch my PC' and it updated 17 items. I then rebooted laptop and ran the Adwcleaner just to check again and it shows these 3 files (which i have had several times and it DOES and DID remove them fine) but im just curious as to where they come from and why they would keep coming back? The main 2 i came on here for have definitely been removed, so from that standpoint, yes this problem has been fixed and i really appreciate all the time and help you have given. But do you have any idea why these other 3 would keep coming back? Especially as i haven't been browsing the internet, i have only been on here and the scan websites to download the scans. (As i said before, they often appear, so i know it's not something that is actually linked specifically to here or those download sites). Im trying to include screenshot via photobucket. Hopefully you will be able to see it.
ADW%20RESULTS.jpg
[/URL][/IMG]

Nope, it won't allow me to post screenshot?
 
#38
Glad to have helped!! Please tell a friend ...... or two about us.
smile.png


Optimize your internet connection.

Click here for instructions.

suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.


Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.


Some items to keep you safe on the internet.


VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.



Now Lets Clean up the tools we used and remove old restore points.



Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:


Remove disinfection tools
Create registry backup
Purge System Restore



Now click on "Run" button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt
 
Last edited:
  • Like
Reactions: ONY
Status
Not open for further replies.
Top Bottom
Back
Forums
Resources
Menu